gvsig-scripting / org.gvsig.scripting / trunk / org.gvsig.scripting / org.gvsig.scripting.app / org.gvsig.scripting.app.mainplugin / src / main / resources-plugin / scripting / lib / oauthlib / oauth2 / rfc6749 / endpoints / token.py @ 564
# -*- coding: utf-8 -*-
"""
oauthlib.oauth2.rfc6749
~~~~~~~~~~~~~~~~~~~~~~~

This module is an implementation of various logic needed
for consuming and providing OAuth 2.0 RFC6749.
"""
from __future__ import absolute_import, unicode_literals |
import logging |
from oauthlib.common import Request |
from .base import BaseEndpoint, catch_errors_and_unavailability |
# Module-level logger named after this module; create_token_response uses it
# to record, at debug level, which grant type handler a request was routed to.
log = logging.getLogger(__name__)
class TokenEndpoint(BaseEndpoint):

    """Endpoint that issues tokens by dispatching to a grant type handler.

    Per RFC 6749, a client calls the token endpoint to exchange an
    authorization grant or a refresh token for an access token. Every
    grant type uses it except the implicit grant, where the access token
    is issued directly.

    How a client learns the location of the token endpoint is outside the
    scope of the specification; it is typically given in the service
    documentation.

    Endpoint URI: it MAY carry an "application/x-www-form-urlencoded"
    formatted query component (per `Appendix B`_), which MUST be retained
    when further query parameters are added, and it MUST NOT carry a
    fragment component::

        https://example.com/path?query=component             # OK
        https://example.com/path?query=component#fragment    # Not OK

    Transport: requests to the token endpoint transmit clear-text
    credentials (in the HTTP request and response), so the authorization
    server MUST require TLS as described in Section 1.6::

        # We will deny any request which URI schema is not with https

    NOTE(review): no scheme check is visible in this class; it is
    presumably performed by the grant type handlers or by the
    ``catch_errors_and_unavailability`` decorator -- confirm before
    relying on it.

    HTTP method: the client MUST use "POST" for access token requests::

        # HTTP method is currently not enforced

    ``create_token_response`` defaults ``http_method`` to ``'GET'`` and
    does not check it, so a deployment that needs POST-only behaviour has
    to reject other methods before calling this endpoint.

    Parameters: a parameter sent without a value MUST be treated as
    omitted, unrecognized request parameters MUST be ignored, and request
    and response parameters MUST NOT appear more than once::

        # Delegated to each grant type.

    .. _`Appendix B`: http://tools.ietf.org/html/rfc6749#appendix-B
    """

    def __init__(self, default_grant_type, default_token_type, grant_types):
        """Store the handler registry and the two defaults.

        :param default_grant_type: key into ``grant_types`` used when a
                                   request's grant_type has no handler.
        :param default_token_type: passed unchanged to the chosen handler's
                                   ``create_token_response``.
        :param grant_types: object with a dict-style ``get``; maps a
                            grant_type value to its handler.
        """
        BaseEndpoint.__init__(self)
        self._default_grant_type = default_grant_type
        self._default_token_type = default_token_type
        self._grant_types = grant_types

    @property
    def grant_types(self):
        """The grant_type -> handler registry given to the constructor."""
        return self._grant_types

    @property
    def default_grant_type(self):
        """The registry key of the fallback grant type."""
        return self._default_grant_type

    @property
    def default_grant_type_handler(self):
        """The handler registered under ``default_grant_type``.

        This is whatever ``grant_types.get`` returns for that key, so it is
        ``None`` for a plain dict that has no such entry.
        """
        registry = self.grant_types
        return registry.get(self.default_grant_type)

    @property
    def default_token_type(self):
        """The token type handed to every grant type handler."""
        return self._default_token_type

    @catch_errors_and_unavailability
    def create_token_response(self, uri, http_method='GET', body=None,
                              headers=None, credentials=None):
        """Wrap the call in a Request and delegate to a grant type handler.

        The handler is the one registered under the request's grant_type.
        A grant_type with no registered handler is not rejected here: the
        request goes to the default grant type handler instead.
        NOTE(review): refusing unsupported grant types is presumably left
        to that handler's own validation -- confirm.

        :param uri: request URI, passed to ``Request``.
        :param http_method: HTTP method of the request; not checked here.
        :param body: request body, passed to ``Request``.
        :param headers: request headers, passed to ``Request``.
        :param credentials: stored on the request as ``extra_credentials``
                            for the handler to use.
        :returns: whatever the selected handler's ``create_token_response``
                  returns.
        """
        request = Request(uri, http_method=http_method, body=body,
                          headers=headers)
        request.scopes = None
        request.extra_credentials = credentials

        # grant_type comes from the incoming request; it only selects a
        # handler from the server-side registry.
        requested_grant = request.grant_type
        handler = self.grant_types.get(requested_grant,
                                       self.default_grant_type_handler)
        log.debug('Dispatching grant_type %s request to %r.',
                  requested_grant, handler)
        return handler.create_token_response(request,
                                             self.default_token_type)